- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 29 Oct 2013 11:20:00 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 29 October 2013 11:04, Martin Thomson <martin.thomson@gmail.com> wrote: >> Can you write up a complete >> use case where you will want to use the "noaccess" constraint Another use case: "Pre-negotiate Session" A user browses an unfamiliar site where they require assistance from a support agent. They are prompted to accept a real-time session with the support agent. The user accepts the call and then provides (temporary) consent for access to their camera and microphone. The user expects to be able to speak immediately upon granting consent. In order to ensure that the session is effectively live prior to consent being granted, session negotiation must have completed. The application is able to use a stream marked with a "noaccess" constraint to build a session, thereby ensuring that the session is live when the user grants their consent to access live media. This comes with some fingerprinting risks, but I believe those can be mitigated. The substance of the risk is that different sources produce different negotiation points, allowing a site to glean additional information about the source. For instance, native camera resolution might be leaked. This can be mitigated by having browsers report a fixed resolution (or a small set of options) for the purposes of negotiation based on noaccess streams. The different encoding profiles (codec + sundry) might also require some massaging to avoid excessive leaks, though non-software encoder configurations will inevitably leak a little. The alternative is to force applications to acquire consent for a media source prior to commencing negotiation. That's going to result in problems like the clipped "hello", which I would rather avoid. There are also other ways to achieve this sort of outcome, but each of those come with varying risks of the negotiation failing to negotiate properly. This has the advantage of negotiating with browser having full knowledge of the actual source, just not the image or sounds.
Received on Tuesday, 29 October 2013 18:20:27 UTC